Cisco Blogs


Cisco Blog > Security

The Risk of Remote Connection: What’s Your Plan?

July 17, 2014 at 6:00 am PST

As a business or technical leader, you know you need to protect your company in a rapidly evolving mobile ecosystem. However, threats are not always obvious. As malware and attacks become more sophisticated over time, business decision makers must work with technical decision makers to navigate security threats in a mobile world.

This blog series, authored by Kathy Trahan, will explore the topic of enterprise mobility security from a situational level and provide insight into what leaders can do now to mitigate risk. To read the first post focused on securing device freedom, click here. – Bret Hartman, Chief Technology Officer (CTO) for Cisco’s Security Technology Group

Imagine two of your executives are using a SaaS platform while working off an unsecure hotel Wi-Fi network nearby. Did you know that SaaS and B2B applications are 15 times more likely than pornography to deliver malicious content across a network?

The threats against a remote connection are unfortunately very real and using an unprotected network to access company assets (whether on-premise or in the cloud) can have serious consequences.

As the growth of mobility and cloud blur the lines of our personal and business lives, the “mobile cloud” has drawn users (consumer or employee) to its convenience. According to a recent Gallup poll, nearly 80% of workers had positive feelings for using their own computers and mobile devices to stay connected to work outside of normal business hours.

For IT, the mobile cloud offers huge management efficiencies. Recent Cisco mobility research confirms that mobility strategies are converging with cloud strategies. However, it also forces IT and business leaders to find a happy medium between encouraging corporate productivity and addressing a new wave of security concerns. From the same research, nearly half of the organizational leaders surveyed say security risks can prevent them from moving forward with mobility initiatives.

Despite these risks, It is hard to dispute that off premise access provides significant productivity gains especially as organizations see mobility as a competitive edge to embrace.

As more mobile users enter the market, (over half a billion devices were added just last year) and the number of remote workers becomes more ubiquitous, the expectation is that networks and access should be the same, regardless of location.

Read More »

Tags: , , , ,

The Expanding Burden of Security

July 8, 2014 at 6:00 am PST

[ed. Note: This post was updated 7/9/2014 to include new information not available to the author at the time of original publishing]

I just returned from the Gartner Security Summit at the Gaylord Resort in National Harbor Maryland. Each morning I took my run along the Potomac River and passed this sculpture of a man buried in the sand.

KT_sandman

In speaking with many IT executives they expressed specific concerns around their IT security, and this sculpture of the “man in the sand” took on new meaning for me. I could see how they might similarly feel overwhelmed and buried given their limited resources and the abundance of threats to their environments. Yes, I’ve been in this industry too long! Anyway, throughout all of my conversations it was abundantly clear that people were looking for a new way to approach securing their networks and applications. Customers are recognizing that unsecured access to the network is a critical threat vector; however, when leveraged properly, the network itself also provides a significant platform that offers comprehensive protection to close those gaps. So, what do I mean by that?

The network uniformly sees and participates in everything across the threat continuum, whether before, during or after an attack. If we can leverage the insights and inherent control the network provides, IT organizations can truly augment their overall end-to-end security across this continuum. If done correctly, this augmentation can happen without investing a large amount of time, energy, and resources in filling all the gaps to secure their environments -- regardless of legacy network, endpoint, mobile, virtual, or cloud usage models

Cisco strongly believes that the network must work intimately with various security technologies in a continuous fashion to offer protection for networks, endpoints, virtual, data centers and mobile.

The New Security Model

Given Cisco’s breadth and depth of security, we did not have room to exhibit our networking devices. However, within much of our networking (and even security) offerings, we have embedded security capabilities that provide more comprehensive protection across the entire threat continuum.

An example of this is Cisco TrustSec embedded network access enforcement, which provides network segmentation based on highly differentiated access policies. Cisco TrustSec works with Cisco ISE to provide consistent secure access that is mapped to IT business goals. Cisco ISE and TrustSec are part of the Cisco Unified Access solution and leverage a superior level of context and simplified policy management across the entire infrastructure in order to ensure that the right users and devices gain the right access to the right resources at any given time.

Cisco’s integrated approach to security reduces complexity, while providing unmatched visibility, continuous control and advanced threat protection, which, in turn, allows customers to prioritize more efficiently and act more quickly - before, during, and after an attack. Through Cisco’s New Security Model, we help you achieve a more pleasant experience and get you dug out of the sand. To learn more and go beyond just a shovel and pail, go to Cisco’s Security Page.

Tags: , , , , , , , ,

Dimension Data Series #4- The Opportunities and Risk of Secure Mobility from the Top Down

Mobile security is a top concern for IT and business leaders. This blog series with Dimension Data explores how organizational leaders can work together to mitigate concern and implement clearly defined policies and mobility goals. This blog will address the opportunities and risk of secure mobility from the top down. The first blog in this series discussing how concerns outweigh actions when it comes to mobility security can be found here. The second blog in this series highlighting how IT and business leaders can work together to develop secure mobility policies can be found here. The third blog in this series discussing how to close the gap between vision and real-world implementation can be found here.

Throughout this blog series, we’ve discussed several key aspects of implementing secure mobility policies and programs to ensure organizations can reap the benefits of mobility now and in the future. It’s clear that mobility is a top priority for IT and business leaders and most have a clear vision of the role mobility can and will play in their organization. Overall, they see both the risks and the rewards.

That said, responses gathered in the recent Dimension Data Secure Mobility Global Survey point to a gap between that overall vision and the likely real-world outcomes organizations will face – given that a number of crucial initial steps can ultimately save time, reduce costs, and, most importantly, ensure appropriate security controls are in place.

In this post, I’ll highlight the real opportunities and risk regarding mobility and security – and how business leaders can address the disparity between vision and actual deployment now and for years to come.

Understanding the Opportunity and the Real Risk

The threat to an organization’s proprietary information is certainly foremost in the minds of IT and security leaders. Interestingly, 71% of respondents of the recent Dimension Data survey indicated that their business leaders view employee utilization of personal mobile devices as potentially dangerous, costly and not business critical.

IT concerns about secure enterprise mobility risk are many. These include the introduction of malware into the environment from largely unmanaged devices or devices that organizations have little to no control over and the data leakage challenges by allowing users to have various parts of data outside of the network. In addition, many IT leaders ask:

  • “How are we actually going to deploy mobility security?”
  • “How are we going to support the users?”
  • “Will our IT help desk be able to meet the around-the-clock requests that today’s users demand?”

Read More »

Tags: , , ,

Dimension Data Series #3: Closing the Gap Between the Secure Mobility Vision and Real-World Implementation

Mobile security is a top concern for IT and business leaders. This blog series with Dimension Data explores how organizational leaders can work together to mitigate concern and implement clearly defined policies and mobility goals. This blog will address closing the gap between secure mobility vision and real-world implementation. The first blog in this series discussing how concerns outweigh actions when it comes to mobility security is here. The second blog in this series highlighting how IT and business leaders can work together to develop secure mobility policies is here.

There is a gap between the vision for secure mobility and the real-world implementation.

How do we know a gap exists? A recent Dimension Data Secure Mobility Survey report indicates 79% of IT leaders believe mobility is a top priority and 69% of those surveyed already have a mobility roadmap in place. The vision looks good, right? However, only 29% of those implementing their roadmap have tested their core applications, and only 32% have conducted a security audit of the applications.

Today, IT is faced with the challenge of providing any user from any location on any device access to any of the corporate applications, all while keeping assets and users secure. These perimeters add up to a complex equation and it’s contributing to this gap in IT leaders’ approach to vision and action for mobility deployments. How can IT and business leaders work to address this disparity?

Listed below are a few steps that should be considered to help turn the secure mobility vision into a reality. Taking a careful assessment of what mobility can offer and applying these steps can make the difference between a successful implementation and being derailed by unforeseen problems.

Read More »

Tags: , , , , ,

Mobile Security: Actions Speak Louder than Words

Mobile security is a top concern for IT and business leaders. This guest authored blog series with Dimension Data explores how organizational leaders can work together to mitigate concern and implement clearly defined policies to achieve mobility goals. We are pleased to introduce our guest author Darryl Wilson, Director, Enterprise Mobility for Dimension Data Americas, as the first in this series – Darryl will address how a balanced approach to security can yield better business results. 

didata

 

 

dwilson

By Guest Contributor Darryl Wilson

Director, Enterprise Mobility for Dimension Data Americas

Darryl Wilson has more than 15 years of experience overseeing large scale network communications projects both from a technical delivery and pre-sales perspective. Wilson’s areas of expertise include unified communications, network performance, troubleshooting and optimization.

 

The evolution to a mobile-centric workforce has been relatively short, thanks to an explosion of innovation and emerging mobile and cloud technologies. Just a few years ago, BYOD was a hot topic of conversation and mobile device management (MDM) solutions offered a simple way to secure an influx of devices and users.

However, today we are seeing that the tactical implementation of MDM solutions is not enough to control a multi-device, multi-vendor, and multi-OS mobility landscape. In fact, most of the companies I work with are using solutions that have not been optimized or customized for today’s ever-changing mobile world. In addition, security concerns have left many organizations feeling like they need to choose between control and truly reaping the business value mobility offers.

Cisco_DimensionData#1_4.9.14

For example, in a recent Dimension Data Secure Mobility Survey Report, 79% say mobility is a top priority for their organization. However, the report indicates that a much smaller segment of those IT leaders’ actions back it up. Seventy-seven percent of those surveyed believe data is the greatest concern pertaining to mobility, yet only 55% have a mobility roadmap in place. If securing company data and successfully implementing a mobile policy is of such importance, why aren’t more IT leaders taking strategic action?

Read More »

Tags: , , , , , ,